A uniform resource identifier (URI) is a string of characters used to identify Internet resources by location or by name. For example, a uniform resource locator (URL) is a type of URI that is commonly used by Internet applications to request data from a server. In general, when a server publishes a URI, the URI both identifies a server resource and defines an access path to that resource.
As Internet commerce continues to expand, a URI may increasingly contain sensitive data. There are numerous examples of sensitive information, including bank account numbers, credit card numbers, passwords, social security numbers, access credentials, etc. Such sensitive data may be contained within either path or query components of a URI. For example, in some instances, an OData URI may contain a key predicate that also may contain sensitive information. In another example, OData documents stored and transmitted by a server often contain numerous URIs that may include sensitive information. Understandably, exhibiting such data may give rise to a security breach or a violation of legal regulations.
Data transformation can be used to modify, manipulate, or change sensitive data originating from one or more backend systems before presentation to an end user, while keeping the original data in the backend systems unchanged. In existing systems, access to sensitive data is controlled via user roles that allow or deny the access to entire business objects or documents. For example, sensitive data contained in sales orders or employee data may be secured based on an associated access level of the retrieving user or client system.
Existing approaches fail to provide detailed access control for data transformation without significant modifications in backend systems, or complex rule sets that require extensive modifications to customer user interfaces used to access backend systems. However, the desired state of transformation may be to implement detailed access control so that only certain portions of data objects, identifiers, URIs, business objects, documents, or other data are transformed. Accordingly, the inventors have identified a need for an improved system and method for securing sensitive data.